Pattern 3: Federated Identity, National AuthZ

Pattern Description

This pattern allows local identity providers to be used to manage and authenticate users, but by establishing a trust relationship with a national service, allows these identities to be linked to national identities for use outside the local area. These identities are then used to authorise access using a national authorisation server.

Benefits

Can be built to address local needs, but within a national framework that establishes proven types and levels of authentication.

By adhering to this overall framework, these local solutions can be federated and trusted by local systems, and potentially authentication services in other regions – allowing use outside the immediate local area.

Concerns

Requires up-front work to develop a national framework, and establishment of a national assessment process to assure local solutions in order to grant them “trusted” status and federate with them.

Authorisation would only be performed against nationally agreed policies, using the information held about the user nationally. It would therefore not support checks that rely on user attributes held only in the local systems, such as legitimate relationship checks.
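A toy model of the pattern as described above (local IdP authenticates, national service verifies the trust relationship and links the identity, national authorisation server decides), including the concern that nationally held policy cannot evaluate attributes held only locally. This is an added example, not code from the original page or from any national service; the issuer names, keys, identity links, attributes and policies are all constructed, and the HMAC-signed assertion stands in for whatever federation token format a real framework would mandate.

```python
"""Toy model of Pattern 3: local IdPs federated with a national service,
authorisation decided by a national authorisation server.

Added example. All issuers, keys, identities and policies below are constructed.
"""
import hashlib
import hmac
import json
import time
from typing import Optional

# Local IdPs that passed the (hypothetical) national assessment process and were
# granted "trusted" status. The national service verifies their assertions with
# the shared key registered here; a real framework would use public keys and
# signed metadata, but a shared HMAC key keeps the example self-contained.
TRUSTED_LOCAL_IDPS = {
    "idp.northshire.local": {"key": b"northshire-secret"},
}

# Link table: (local issuer, local subject) -> national identity.
NATIONAL_IDENTITY_LINKS = {
    ("idp.northshire.local", "jsmith"): "nat-000123",
}

# Attributes the national service holds about linked identities. Note that a
# legitimate relationship with a given patient is NOT among them: that lives
# only in local systems, which is exactly the concern raised in the text.
NATIONAL_ATTRIBUTES = {
    "nat-000123": {"role": "clinician", "authn_level": 2},
}

# Nationally agreed policies. "requires" lists attributes the decision needs.
NATIONAL_POLICIES = {
    "summary-record:read": {"role": "clinician", "min_level": 2, "requires": []},
    "summary-record:write": {"role": "clinician", "min_level": 3, "requires": []},
    "detailed-record:read": {"role": "clinician", "min_level": 2,
                             "requires": ["legitimate_relationship"]},
}


def local_idp_issue_token(issuer: str, subject: str, key: bytes, ttl: int = 300) -> str:
    """Local IdP: user has authenticated locally; sign a short-lived assertion."""
    body = {"iss": issuer, "sub": subject, "exp": int(time.time()) + ttl}
    payload = json.dumps(body, sort_keys=True).encode()
    sig = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return payload.hex() + "." + sig


def national_verify_and_link(token: str, now: Optional[float] = None) -> Optional[str]:
    """National service: accept only assertions from a trusted local IdP, then
    map the local subject to the linked national identity. None on any failure."""
    try:
        payload_hex, sig = token.split(".")
        payload = bytes.fromhex(payload_hex)
        body = json.loads(payload)
    except (ValueError, json.JSONDecodeError):
        return None
    idp = TRUSTED_LOCAL_IDPS.get(body.get("iss"))
    if idp is None:  # issuer was never assessed / federated
        return None
    expected = hmac.new(idp["key"], payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return None
    if body.get("exp", 0) <= (now if now is not None else time.time()):
        return None
    return NATIONAL_IDENTITY_LINKS.get((body["iss"], body.get("sub")))


def national_authorise(national_id: str, action: str) -> bool:
    """National AuthZ server: decide using national attributes only. If a policy
    needs an attribute the national service does not hold, it must deny."""
    policy = NATIONAL_POLICIES.get(action)
    attrs = NATIONAL_ATTRIBUTES.get(national_id)
    if policy is None or attrs is None:
        return False
    if any(req not in attrs for req in policy["requires"]):
        return False  # e.g. legitimate relationship is only known locally
    return attrs["role"] == policy["role"] and attrs["authn_level"] >= policy["min_level"]


def access_request(token: str, action: str) -> bool:
    """End-to-end flow: local assertion -> national link -> national decision."""
    nat_id = national_verify_and_link(token)
    if nat_id is None:
        return False
    return national_authorise(nat_id, action)


if __name__ == "__main__":
    tok = local_idp_issue_token("idp.northshire.local", "jsmith", b"northshire-secret")
    print(access_request(tok, "summary-record:read"))   # True
    print(access_request(tok, "summary-record:write"))  # False: authn level 2 < 3
    print(access_request(tok, "detailed-record:read"))  # False: needs local attribute
```

The last call is the interesting one: the identity is trusted and linked, and the user is a clinician at the required level, yet the national server still denies because the policy depends on a legitimate-relationship attribute it never holds. A deployment of this pattern either keeps such checks out of national policy or moves that decision back to the local system.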